Short Bytes: A team of Italian security researchers has created a Windows filesystem add-on named ShieldFS to fight ransomware attacks. Using techniques such as shadowing and copy-on-write, ShieldFS makes sure that an attack is stopped in time and that the affected files are restored from backup. In tests, the add-on detected the malware in 97% of cases.

Pure-detection techniques such as antivirus solutions are no longer sufficient. Instead, we need modern solutions with practical self-healing capabilities against serious threats. With that vision, a team of Italian security researchers has created ShieldFS.

Unveiled at Black Hat last week, ShieldFS is an add-on for the native Windows file system that makes it immune to different ransomware attacks. According to researchers Andrea Continella and Federico Maggi, ShieldFS was tested against more than 12 ransomware instances, including WannaCry, and detected them with a 97% success rate.

According to Kaspersky, ShieldFS learns and models the activity of a filesystem over a period of time. After learning enough, it can compare filesystem activity against the malicious behavior shown by ransomware.

Moreover, ShieldFS performs copy-on-write on the first write to preserve the original files. If an attack is detected, the malware is blocked and the original files are recovered if necessary. This is done with the help of a process called “shadowing.” Whenever a suspicious program is detected, ShieldFS enters an observation phase and logs every activity. If it concludes that the program is malicious, the code is blocked and the backup is restored.
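The copy-on-write shadowing and rollback described above, as an added Python example that is not ShieldFS code or code from the researchers: an in-memory file store keeps the original of each file on a process's first write and restores it once that process is judged malicious. The class and method names, the process ids and the sample files are assumptions made for illustration, and the verdict is supplied by the caller rather than computed.

```python
# Added illustration: a user-space model of shadowing, not ShieldFS code.
class ShadowingFS:
    """In-memory file store with per-process copy-on-write shadows."""

    _ABSENT = object()  # marks "file did not exist before the first write"

    def __init__(self, files):
        self.files = dict(files)  # path -> bytes (the live filesystem)
        self.shadows = {}         # pid -> {path: original bytes or _ABSENT}
        self.blocked = set()      # pids judged malicious

    def write(self, pid, path, data):
        if pid in self.blocked:
            raise PermissionError(f"pid {pid} is blocked")
        saved = self.shadows.setdefault(pid, {})
        if path not in saved:     # first write by this pid: keep the original
            saved[path] = self.files.get(path, self._ABSENT)
        self.files[path] = data

    def mark_benign(self, pid):
        """Verdict 'clean': the shadow copies are no longer needed."""
        self.shadows.pop(pid, None)

    def mark_malicious(self, pid):
        """Verdict 'malicious': block the process and roll back its writes."""
        self.blocked.add(pid)
        restored = []
        for path, original in self.shadows.pop(pid, {}).items():
            if original is self._ABSENT:
                self.files.pop(path, None)  # file was created by the process
            else:
                self.files[path] = original
            restored.append(path)
        return sorted(restored)


def demo():
    # Constructed sample data: two documents and two hypothetical process ids.
    fs = ShadowingFS({"report.docx": b"Q3 figures", "notes.txt": b"todo"})
    fs.write(101, "notes.txt", b"todo, done")         # ordinary editor save
    fs.mark_benign(101)                               # its change is kept
    fs.write(666, "report.docx", b"\x8f\x02\x7c")     # overwrite in place
    fs.write(666, "report.docx", b"\x11\x9a\x03")     # later write, same shadow
    fs.write(666, "README_DECRYPT.txt", b"note")      # newly created file
    return fs, fs.mark_malicious(666)


if __name__ == "__main__":
    store, rolled_back = demo()
    print(rolled_back, store.files)
```

The model assumes only one process writes a given file during the observation window; it does not arbitrate between overlapping writers.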

ShieldFS is the result of 18 months of work. Apart from WannaCry, it also detects TeslaCrypt, CryptoWall, and CryptoLocker malware. However, it doesn’t protect against the Petya ransomware family.

The researchers have said that ShieldFS could be a good complement to the backup systems in computers. This way, it could make the backups more secure and let you restore your system before it’s completely locked down.

You can read about ShieldFS and how it works in detail in this research paper.